Bug 720064 - offer MAC address randomization per connection
Status: RESOLVED DUPLICATE of bug 734081
Product: NetworkManager
Classification: Platform
Component: general
Version: unspecified
Hardware: Other Linux
Importance: Normal enhancement
Target Milestone: ---
Assigned To: NetworkManager maintainer(s)
Reported: 2013-12-08 16:41 UTC by Daniel Kahn Gillmor
Modified: 2015-10-08 16:13 UTC
Description Daniel Kahn Gillmor 2013-12-08 16:41:48 UTC
I would like to make my NIC offer a random MAC address each time it is connected to a network.  This seems like a use case that NetworkManager should be able to support, since it supports "cloned" MAC addresses already.

From a UI perspective, for nm-connection-editor, I'd like to see a checkbox in the "ethernet" tab (for wired connections) or the "Wi-Fi" tab (for wireless connections) between "Device MAC address" and "Cloned MAC address" that says "Random MAC Address on each connection".

When the checkbox is checked, "Cloned MAC address" should be disabled (greyed out).

When a connection with this property is selected for a newly-available link, network-manager should select a random MAC address for the device (see http://www.alobbs.com/macchanger for example of how to select a random MAC address in a plausible fashion) and set the device to that value.

When the connection is terminated by the user (either by turning off the network device, or by selecting a different connection profile), the MAC address for the device should be reset to the permanent hardware value (e.g. `macchanger -p`).

If an established randomized connection that uses dynamic IP configuration (e.g. DHCP (for IPv4) or dynamic IPv6 assignment) fails due to flaky network connectivity or the machine going to sleep, the MAC address shouldn't be reset to the permanent hardware value immediately.

If flaky network connectivity on a dynamically-configured link is resolved (or when waking from sleep) within some timeout (twice the TCP timeout?) the device shouldn't have its MAC address re-randomized, so that active TCP sessions won't get broken by a brief interruption and the subsequent change in the IP layer we could expect on a DHCP network.
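
The behaviour requested in the description above, modelled as an added example (not part of the original report and not NetworkManager code). The class and method names, the 120-second hold period and the sample permanent address are assumptions. The generator uses the locally administered unicast convention rather than macchanger's selection method.

```python
import secrets


def random_mac() -> str:
    """Random unicast, locally administered MAC address."""
    octets = bytearray(secrets.token_bytes(6))
    # Bit 1 of the first octet set = locally administered; bit 0 clear = unicast.
    octets[0] = (octets[0] | 0x02) & 0xFE
    return ":".join(f"{b:02x}" for b in octets)


class RandomizedLink:
    """Hypothetical model of the per-connection policy in the description."""

    def __init__(self, permanent_mac: str, hold_seconds: float = 120.0):
        self.permanent_mac = permanent_mac
        # Assumed grace period; the report only asks for "some timeout".
        self.hold_seconds = hold_seconds
        self.current_mac = permanent_mac
        self._lost_at = None  # time of the last involuntary link loss

    def connect(self, now: float) -> str:
        """Profile activates: reuse the address only inside the hold window."""
        held = self._lost_at is not None and now - self._lost_at <= self.hold_seconds
        if not held:
            self.current_mac = random_mac()
        self._lost_at = None
        return self.current_mac

    def link_lost(self, now: float) -> str:
        """Flaky link or suspend: keep the randomized address for now."""
        self._lost_at = now
        return self.current_mac

    def poll(self, now: float) -> str:
        """Hold window expired without reconnecting: restore the permanent address."""
        if self._lost_at is not None and now - self._lost_at > self.hold_seconds:
            self._lost_at = None
            self.current_mac = self.permanent_mac
        return self.current_mac

    def user_disconnect(self) -> str:
        """Device turned off or profile switched: restore the permanent address."""
        self._lost_at = None
        self.current_mac = self.permanent_mac
        return self.current_mac
```

Keeping the address across a short outage preserves the DHCP lease and open TCP sessions, at the cost of the device staying linkable on that network for the length of the hold window.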
Comment 1 Pavel Simerda 2013-12-09 07:12:52 UTC
Patches welcome. We should wait for a while if anyone's interested and close the bug report as WONTFIX if not.
Comment 2 What, Me Urgent? 2013-12-13 17:26:24 UTC
I also would like to see this feature added.

Further, it would be nice to allow four types of cloning:

1] full randomization (macchanger -r)
2] randomization for same vendor (macchanger -e)
3] randomization from among a user-supplied list
4] select from a user-supplied list
Comment 3 Pavel Simerda 2013-12-17 08:42:47 UTC
(In reply to comment #2)
> Further, it would be nice to allow four types of cloning:

Please don't confuse cloning MAC addresses with cloning MAC addresses. Cloning is a specific subset that means using the MAC address of another device in the system.

That it's wrongly used in NetworkManager configuration is another topic.
Comment 4 Daniel Kahn Gillmor 2013-12-17 15:44:18 UTC
(In reply to comment #3)

> Please don't confuse cloning MAC addresses with cloning MAC addresses. 

I think Pavel means "Please don't confuse randomizing MAC addresses with cloning MAC addresses" :)
Comment 5 Pavel Simerda 2013-12-17 22:57:31 UTC
(In reply to comment #4)
> (In reply to comment #3)
> 
> > Please don't confuse cloning MAC addresses with cloning MAC addresses. 
> 
> I think Pavel means "Please don't confuse randomizing MAC addresses with
> cloning MAC addresses" :)

+1

Actually I intended to write "changing" instead of "randomizing" to be more general.

I guess the "clone" came from some poorly named webui form fields of commodity routers which sometimes came with the actual cloning feature where the first connected computer to LAN determined the mac address for WAN and sometimes with the explicit MAC setting and optionally a "clone" button to copy the address from the connected LAN computer used during the setup.
Comment 6 Dan Williams 2015-02-05 00:07:35 UTC
Update here: wpa_supplicant 2.3+ offers facilities for MAC randomization which we should use on the wifi side.  NM will need to grow an option to set this per-connection, and then we need to hook that up with wpa_supplicant.  Not too complicated.  Then we'll need some nm-connection-editor support for the option as well.  I believe there are three options wpa_supplicant supports:

1) no randomization
2) randomization for scan, use stable MAC for association
3) randomization for scan, use different randomized MAC for association

We could (as suggested above) enhance the "cloned mac address" GUI fields to handle this option too, which would be more elegant than a standalone dropdown or something.  Cloning is different, yes, but it is a subset of the general field of "changing the MAC address to something other than the permanent one".

The same could be done for the wired side (again, as suggested) except of course it wouldn't support scanning.
Comment 7 Jiri Jaburek 2015-02-11 10:51:20 UTC
There's also (possibly related) kernel support for scanning with random MAC addresses,
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ad2b26abc157460ca6fac1a53a2bfeade283adfa
Comment 8 Dan Williams 2015-10-08 16:13:54 UTC
Work/review for this is happening in bug 734081.

*** This bug has been marked as a duplicate of bug 734081 ***